Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/6ade9b-3216-4fef-8049-f3e24e075e35/1/TcxgpyuKmrkeaZ4z6fpQcufzP_A.roa
File:                     TcxgpyuKmrkeaZ4z6fpQcufzP_A.roa (raw, json)
Hash identifier:          sIJzganOXNme454OPq4R7JRICUkIZTkkpufACHGn038=
Subject key identifier:   4D:CC:60:A7:2B:8A:9A:B9:1E:69:9E:33:E9:FA:50:72:E7:F3:3F:F0
Certificate issuer:       /CN=ed3ff7836530d1c474f4d088b6b36224fbf6982d
Certificate serial:       018CC9BB4536450B128D2F752F50702170B9
Authority key identifier: ED:3F:F7:83:65:30:D1:C4:74:F4:D0:88:B6:B3:62:24:FB:F6:98:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7T_3g2Uw0cR09NCItrNiJPv2mC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/6ade9b-3216-4fef-8049-f3e24e075e35/1/TcxgpyuKmrkeaZ4z6fpQcufzP_A.roa
Signing time:             Tue 02 Jan 2024 10:32:22 +0000
ROA not before:           Tue 02 Jan 2024 10:32:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        45.88.31.0/24 maxlen: 24
                          45.88.28.0/24 maxlen: 24
                          45.88.30.0/24 maxlen: 24
                          45.88.29.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/6ade9b-3216-4fef-8049-f3e24e075e35/1/7T_3g2Uw0cR09NCItrNiJPv2mC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/6ade9b-3216-4fef-8049-f3e24e075e35/1/7T_3g2Uw0cR09NCItrNiJPv2mC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7T_3g2Uw0cR09NCItrNiJPv2mC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 13:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:45:36:45:0b:12:8d:2f:75:2f:50:70:21:70:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed3ff7836530d1c474f4d088b6b36224fbf6982d
        Validity
            Not Before: Jan  2 10:32:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4dcc60a72b8a9ab91e699e33e9fa5072e7f33ff0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:87:11:a1:49:0a:91:aa:a8:c8:dc:75:6f:72:
                    29:f1:6d:18:ef:db:23:78:9b:eb:d3:88:6f:cd:65:
                    da:85:af:40:08:24:44:92:8a:2b:c7:24:2a:ca:dd:
                    4c:71:7f:f5:fb:f6:34:bb:06:d1:16:5a:e7:71:31:
                    a7:bb:30:c5:f2:93:92:8c:08:5a:d7:3c:f5:36:75:
                    42:92:6b:e1:74:15:d0:2a:6e:f2:ab:ae:57:af:b6:
                    b2:4c:81:13:03:16:3b:f1:ae:5a:a5:f7:e2:d4:7e:
                    89:ec:75:47:95:bb:96:3a:b3:b4:99:3e:e6:cb:1b:
                    85:9b:a0:f4:f5:3c:49:04:1b:0b:b8:45:17:32:54:
                    6b:fe:3a:d7:0a:02:4a:ef:ca:6c:96:78:d1:a9:59:
                    ea:60:d3:17:36:8a:7c:0c:6f:e7:09:d4:cc:42:c5:
                    0e:48:d2:6b:f8:a8:45:f5:22:23:36:37:b2:39:a7:
                    47:d8:c3:0e:1a:be:2d:a8:38:4d:c5:a2:a5:c1:5a:
                    6d:10:39:23:fa:ee:46:f0:ca:fe:09:ff:2c:2a:fd:
                    33:8b:22:ba:3a:df:f6:df:4c:e6:7b:e6:69:3a:a5:
                    03:e0:a4:a1:34:47:02:ed:c1:94:a6:5a:99:9b:74:
                    fe:78:fc:01:a6:41:a3:99:ad:9f:cf:47:f0:32:3f:
                    e9:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:CC:60:A7:2B:8A:9A:B9:1E:69:9E:33:E9:FA:50:72:E7:F3:3F:F0
            X509v3 Authority Key Identifier:
                keyid:ED:3F:F7:83:65:30:D1:C4:74:F4:D0:88:B6:B3:62:24:FB:F6:98:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7T_3g2Uw0cR09NCItrNiJPv2mC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/6ade9b-3216-4fef-8049-f3e24e075e35/1/TcxgpyuKmrkeaZ4z6fpQcufzP_A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/6ade9b-3216-4fef-8049-f3e24e075e35/1/7T_3g2Uw0cR09NCItrNiJPv2mC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         03:03:c4:01:cf:db:01:9b:bf:d7:d6:a1:37:d2:83:be:57:12:
         6e:2e:3f:9f:d2:24:9b:29:5c:59:e3:ea:a5:02:50:50:22:1e:
         ba:50:34:30:eb:16:b9:64:6e:1c:a1:d1:8f:c4:39:13:ea:81:
         9f:a7:fb:43:04:46:5d:24:80:de:e1:e9:61:93:0c:fe:03:6c:
         97:8d:2c:3e:f6:10:24:80:13:0d:21:77:8e:f5:70:0f:fe:ea:
         42:79:11:55:da:44:41:91:ed:d6:ac:1a:ee:0c:b7:b3:5c:89:
         37:0e:bc:b3:35:03:ff:47:d9:c1:34:0e:6a:8f:99:ef:55:8f:
         6a:04:52:49:b1:da:64:76:29:64:8a:37:d0:e3:48:77:25:1b:
         79:9d:3f:f9:2c:f5:56:e0:16:9d:59:8d:c0:bf:9d:cf:1c:e2:
         01:02:e4:4f:95:09:ae:9e:5f:72:08:4e:55:0d:90:ab:7f:d7:
         11:f8:1b:f8:65:9a:21:65:b9:3e:69:fa:af:cc:56:f6:8b:d6:
         df:ce:c8:d0:d2:f3:04:73:71:a4:d7:84:03:4f:df:35:29:e4:
         34:87:4e:c0:0c:1e:60:6b:d9:56:6c:50:28:b2:72:cf:4c:cd:
         4d:4f:04:6f:b8:8c:90:08:46:06:2f:4b:25:c8:6d:90:e0:37:
         c4:94:0d:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu0U2RQsSjS91L1BwIXC5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkM2ZmNzgzNjUzMGQxYzQ3NGY0ZDA4OGI2YjM2MjI0ZmJm
Njk4MmQwHhcNMjQwMTAyMTAzMjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGNjNjBhNzJiOGE5YWI5MWU2OTllMzNlOWZhNTA3MmU3ZjMzZmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk4cRoUkKkaqoyNx1b3Ip8W0Y79sj
eJvr04hvzWXaha9ACCREkoorxyQqyt1McX/1+/Y0uwbRFlrncTGnuzDF8pOSjAha
1zz1NnVCkmvhdBXQKm7yq65Xr7ayTIETAxY78a5apffi1H6J7HVHlbuWOrO0mT7m
yxuFm6D09TxJBBsLuEUXMlRr/jrXCgJK78pslnjRqVnqYNMXNop8DG/nCdTMQsUO
SNJr+KhF9SIjNjeyOadH2MMOGr4tqDhNxaKlwVptEDkj+u5G8Mr+Cf8sKv0ziyK6
Ot/230zme+ZpOqUD4KShNEcC7cGUplqZm3T+ePwBpkGjma2fz0fwMj/pVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE3MYKcripq5HmmeM+n6UHLn8z/wMB8GA1UdIwQY
MBaAFO0/94NlMNHEdPTQiLazYiT79pgtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1RfM2cyVXcwY1IwOU5DSXRyTmlKUHYybUMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS82YWRlOWItMzIxNi00ZmVmLTgwNDkt
ZjNlMjRlMDc1ZTM1LzEvVGN4Z3B5dUttcmtlYVo0ejZmcFFjdWZ6UF9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS82YWRlOWItMzIxNi00ZmVmLTgwNDktZjNlMjRlMDc1ZTM1
LzEvN1RfM2cyVXcwY1IwOU5DSXRyTmlKUHYybUMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVgcMA0G
CSqGSIb3DQEBCwUAA4IBAQADA8QBz9sBm7/X1qE30oO+VxJuLj+f0iSbKVxZ4+ql
AlBQIh66UDQw6xa5ZG4codGPxDkT6oGfp/tDBEZdJIDe4elhkwz+A2yXjSw+9hAk
gBMNIXeO9XAP/upCeRFV2kRBke3WrBruDLezXIk3DryzNQP/R9nBNA5qj5nvVY9q
BFJJsdpkdilkijfQ40h3JRt5nT/5LPVW4BadWY3Av53PHOIBAuRPlQmunl9yCE5V
DZCrf9cR+Bv4ZZohZbk+afqvzFb2i9bfzsjQ0vMEc3Gk14QDT981KeQ0h07ADB5g
a9lWbFAosnLPTM1NTwRvuIyQCEYGL0slyG2Q4DfElA2I
-----END CERTIFICATE-----